With the proliferation of security threats we are required today, more than ever before, to effectively manage computer systems. Computers that we are responsible for in labs, classrooms, and faculty and staff offices require constant attention as manufacturer-supplied program patches and updates become available. Missing a critical update or patch in your networked environment can spell disaster or cost countless hours of "cleaning up" after an errant worm wreaks havoc on unpatched machines.

Microsoft has done a good job of publishing operating system patches and critical updates; however, actually updating all of the machines in the academic environment can be a daunting task. While we can adequately use Windows Automatic Update in the homogeneous lab and classroom environment, the procedure can be circumvented by users in their offices. And while user education seems to be effective at first, system updates soon take a back seat to users' regular work and research tasks.

This paper discusses an enterprise update strategy that was adopted by Tulane University's Freeman School of Business. We will discuss the challenges associated with updating hundreds of workstations in labs, classrooms, and faculty and staff offices. We will look at several patch management software products that we reviewed and discuss their relative merits. We will then discuss the selected product and its implementation in the current production environment, including the user education involved and the political issues surrounding "touching" desktops. Finally, we will discuss the successes that we realized and the administrative challenges of ongoing patch management in a complex, enterprise environment.